MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,138
15,945
A report in the San Jose Mercury News yesterday and a follow-up post by TechCrunch this morning are again bringing publicity to users who have experienced unauthorized charges via their iTunes Store accounts. According to the reports, the majority of complaints are coming from PayPal users who have linked their payment accounts to their iTunes Store accounts.
At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, "My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised." His email was filled with nearly 50 receipts from PayPal for $99.99 each. He was able to catch it before his bank disbursed funds to PayPal.
According to All Things Digital, this latest round of unauthorized charges again appears to be stemming from nothing more than successful phishing attempts and there has been no security breach within the iTunes Store or PayPal.
There's no security hole in iTunes and if you've been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account it's likely because you've fallen victim to a phishing scam - a variation on the one that's been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn't aware of any sudden increase in fraudulent transactions.
Reports of "App Store hacked" surfaced earlier last month when one developer was able to use a relatively small number of iTunes Store accounts apparently compromised by such means to game the App Store rankings. With over 100 million accounts linked to credit card numbers, the iTunes Store is a popular target for phishing attempts, and Apple has repeatedly reminded customers to maintain proper security over their account information and to contact their credit card companies should unauthorized charges appear on their accounts.

Article Link: PayPal Charges Result in Renewed Publicity Surrounding iTunes Account Phishing Attacks
 

theheadguy

macrumors 65816
Apr 26, 2005
1,143
1,369
california
Recently, my account was 'hacked' but it was not linked to PayPal. What pissed me off is Apple protects the hacker, and refuses to disclose who they are, or even their username or e-mail address. My bank did a charge-back and I did get every penny back, with no thanks to Apple.
 

japanime

macrumors 68020
Feb 27, 2006
2,296
2,712
Japan
Recently, my account was 'hacked' but it was not linked to PayPal. What pissed me off is Apple protects the hacker, and refuses to disclose who they are, or even their username or e-mail address. My bank did a charge-back and I did get every penny back, with no thanks to Apple.

For legal reasons, Apple wouldn't release that information to just anyone. Rest assured, though, that the info is certainly being provided to the authorities.
 

ichiban06

macrumors regular
Jun 20, 2009
124
0
Can you remove your payment info from your account? I usually use Gift Card codes.
 

bitWrangler

macrumors member
Nov 19, 2007
96
0
Jeez, I wish more specifics about the "hack" would surface. If this is a case of someone using well known passwords to gain entry to "weakly protected accounts", then in reality it has nothing to do with itunes (though there may be aspects of itunes/appstore that help to facilitate the movement of funds once hacked). So for someone like me, who has a strong password and doesn't click on browser links that launch itunes, ever, I want to know if this is a general issue or a typical "lame user" issue.
 

ChrisA

macrumors G4
Jan 5, 2006
11,836
622
Redondo Beach, California
This is just a case where if you get 100 million people then you also have a million first percentile idiots. I bet it's not hard to fool people who are in that first percentile club.

OK even so. Apple could make the system safer. For example it could simply not let you type in a text string that exists on your keyring except under certain conditions. Or Safari could look for common names in a URL like "paypal" that are not in a domain owned by paypal. There are 100 other things they could do.

I think Apple is correct to say there are no security holes in their system. But that is not the same as saying it is as safe as they can make it. "not defective" is just the minimal level of safety.
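
The URL check suggested in the post above (a name such as "paypal" in a URL whose host is not a PayPal domain), sketched as an added example; it is not part of the original thread or any browser's code, and the `BRAND_DOMAINS` allowlist, the function names and the `.example` URLs are assumptions constructed for illustration. It goes slightly beyond the post by also looking at the userinfo part of the URL and folding digit-for-letter swaps.

```javascript
// Added example, not from the thread. BRAND_DOMAINS is an assumed allowlist.
const BRAND_DOMAINS = {
  paypal: ["paypal.com"],
  itunes: ["apple.com"],
};

// True when host is the domain itself or one of its subdomains.
function hostIsUnder(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Fold common digit-for-letter swaps so "paypa1" still matches "paypal".
function foldLookalikes(text) {
  return text.toLowerCase().replace(/1/g, "l").replace(/0/g, "o");
}

// Report whether a URL names a brand while pointing at a host the brand
// does not own, and which URL part (userinfo, host, path) carried the name.
function checkBrandInUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { suspicious: true, brand: null, where: "unparseable", host: null };
  }
  const host = url.hostname.toLowerCase();
  const parts = { userinfo: url.username, host, path: url.pathname + url.search };
  for (const [brand, domains] of Object.entries(BRAND_DOMAINS)) {
    if (domains.some((d) => hostIsUnder(host, d))) continue; // really the brand's site
    for (const [where, text] of Object.entries(parts)) {
      if (foldLookalikes(text).includes(brand)) {
        return { suspicious: true, brand, where, host };
      }
    }
  }
  return { suspicious: false, brand: null, where: null, host };
}

// Constructed sample URLs (reserved .example names, not real sites).
const SAMPLE_URLS = [
  "https://www.paypal.com/signin",
  "https://paypal.com.account-verify.example/login",
  "https://www.paypal.com@login.example/",
  "http://paypa1-secure.example/update",
  "https://itunes.apple.com/us/app/id1",
];
for (const u of SAMPLE_URLS) {
  console.log(u, JSON.stringify(checkBrandInUrl(u)));
}
```

A match in the path also fires on legitimate pages that merely mention a brand, so the result is a signal for a warning rather than grounds for blocking.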
 

HyperZboy

macrumors 65816
Feb 7, 2007
1,086
1
The SCARY part of this is... Have you ever tried to call PAYPAL/EBAY?

It's a nightmare to say the least. All of their customer service is run by Mormons in Utah, so if you even say the word "damn" you're likely to get hung up on if you are even successful in getting live help at all. And that's no lie.

And PAYPAL/EBAY NEVER admits they made a mistake EVER or shouldn't have authorized a transaction!

I once sold something on EBAY and the transaction was clearly limited to U.S. ONLY, yet Ebay allowed someone in Europe to bid and win the auction. I refused to ship the item and got negative feedback for which there is no recourse even though it was Ebay's fault. Ebay/Paypal wouldn't do anything except reverse the payment.

I once had someone charge ITALIAN RAIL TICKETS on my Paypal card at an Italian restaurant in Philadelphia. Yes, I mean rail tickets totaling over $1000 IN ITALY and they didn't believe I wasn't in ITALY! I said, "Are you people nuts? You can clearly see I just used the card at an Italian restaurant in Philadelphia. How could I have been in ITALY AN HOUR LATER?"

After my temper flared and I was hung up on once by a Mormon in Utah, it was eventually resolved, but not without a huge fight and it took an entire week to get the money back. Grrrrrrrrrrr.

Finally, many people assume PAYPAL is like a bank and governed by the FEDS or SEC guidelines for transactions. WRONG!

Google Paypal problems and you'll see how many anti-Paypal websites there are.
In my opinion, EBAY/PAYPAL should be investigated by the FEDS for anti-trust violations, but that's a whole other can of worms and I'll end my rant here.

But, I seriously doubt this is Apple's fault.
 

toontra

macrumors 6502
Feb 6, 2003
261
0
London UK
The SCARY part of this is... Have you ever tried to call PAYPAL/EBAY?

It's a nightmare to say the least. All of their customer service is run by Mormons in Utah, so if you even say the word "damn" you're likely to get hung up on if you are even successful in getting live help at all. And that's no lie.

And PAYPAL/EBAY NEVER admits they made a mistake EVER or shouldn't have authorized a transaction!

Agreed. My PayPal account was hacked recently and it was a nightmare trying to get it sorted out. Trying to contact them urgently by phone was very frustrating, and even when they admitted my account had been hacked (definitely at their end IMO) I received no explanation or apology.
 

aristobrat

macrumors G5
Oct 14, 2005
12,279
1,383
Recently, my account was 'hacked' but it was not linked to PayPal. What pissed me off is Apple protects the hacker, and refuses to disclose who they are, or even their username or e-mail address.
Apple won't give you the hackers username or email address?!? The hacker used YOUR username and email address.

If anything, all that Apple likely has that's traceable is an IP address. And if the hacker was really a hacker, he wasn't connecting via a method that's easy to trace directly back to him. i.e. sitting at a Starbucks cafe, using a free WiFi network.
 

joel90069

macrumors newbie
Jun 9, 2009
6
2
West Hollywood, CA
Have you ever tried calling iTunes/ Apple?

I recently had my iTunes account hacked also, though it had nothing to do with PayPal. There were several hundred dollars of charges to my iTunes account that I never made. No one at Apple would talk to me about iTunes. The only way to communicate with an iTunes person is through email. They will not call and discuss the situation. They are in an offshore phone facility and rarely check their email if, once a day. I sometimes went several days without an email response. When I finally got one I was told to dispute the charges with my credit card company. They were worthless.
 

HyperZboy

macrumors 65816
Feb 7, 2007
1,086
1
I still can't believe these lame "Phishing" techniques still work. :confused:

I get emails from Apple all the time on multiple email accounts.

I don't even trust the ones that come to my LEGIT iTUNES account email address, but I can easily see how people could be fooled.

My problems are not iTUNES phishing related, but points out the problems and frustration these people are going to have dealing with PAYPAL/EBAY.

It's a nightmare. But like I said, it's not Apple's fault really.
 

HyperZboy

macrumors 65816
Feb 7, 2007
1,086
1
I recently had my iTunes account hacked also, though it had nothing to do with PayPal. There were several hundred dollars of charges to my iTunes account that I never made. No one at Apple would talk to me about iTunes. The only way to communicate with an iTunes person is through email. They will not call and discuss the situation. They are in an offshore phone facility and rarely check their email if, once a day. I sometimes went several days without an email response. When I finally got one I was told to dispute the charges with my credit card company. They were worthless.

I had upgraded Macs/PCs a bunch of times one year and had a roommate who I evicted move out having the computer he was using authorized for my music and I realized I couldn't de-authorize that computer after the roommate moved out (and basically he stole the computer, but we won't go there). Apple limits the # of times you can reset your authorized machines in a single year (I think they should change that). So I emailed Apple and yes there was no access to a live person on the phone, and yes it took 3-4 days before I got a personal email that said Apple had reset my computer authorizations.

So there is definitely room for improvement in Apple's customer support on iTUNES.

The irony here is that Apple wants people like me to ditch my old PowerPC Macs and old PCs and yet if you have lots of machines and do that and reset your authorizations too many times, you're screwed and have to contact Apple to use iTUNES music you paid for on your new MAC! HAHA
 

CupertinoBob

macrumors member
Jan 27, 2010
63
0
My problems are not iTUNES phishing related, but points out the problems and frustration these people are going to have dealing with PAYPAL/EBAY.
Why would anybody trust Paypal? I gave up on them years ago. And how is it Apple's fault if you use such a stupid service?
 

Space Moose

macrumors member
Aug 5, 2006
32
0
The irony here is that Apple wants people like me to ditch my old PowerPC Macs and old PCs and yet if you have lots of machines and do that and reset your authorizations too many times, you're screwed and have to contact Apple to use iTUNES music you paid for on your new MAC! HAHA

Yeah they're really making it hard for you:

Solution 1: De-authorize the computer before you "ditch" it.

Solution 2: If that's not possible, de-authorize all the computers you have authorized.

Solution 3: If *that's* not possible (just how many Macs are you authorizing and then "ditching" each year, by the way?), then call Apple and they'll set you right in a few days.

I call shenanigans on you and your multiple de-authorizations per year, issues authorizing a 6th mac, etc.
 

TitoC

macrumors 6502
Jun 15, 2007
311
26
. . . this latest round of unauthorized charges again appears to be stemming from nothing more than successful phishing attempts and there has been no security breach within the iTunes Store or PayPal. Reports of "App Store hacked"

Bull. My itunes account (linked to PayPal) was hacked into last week and it was NOT a result of a "phishing" scam. I have never clicked on any phishing scam email, web link, etc. Sorry. I have been in the computer business for over twenty years and am quite aware of all the scams and tricks out there. No. It was a simple case of someone getting into my account via iTunes. It's that simple. No other charges via PayPal were completed. My bank account was not breached. Nothing. Just my iTunes account.

And the funny thing is that it was an old account I had set up last year for my wife who never used it (she got her own account and computer).

But at least Apple and PayPal were very cool about it and refunded the complete $50. But ONLY "Phishing" scams - no. Sorry.
 

ChazUK

macrumors 603
Feb 3, 2008
5,390
24
Essex (UK)
PayPal can gtfo.
 

Mike225

macrumors 6502a
Jul 15, 2010
521
0
SF BAY
Bull. My itunes account (linked to PayPal) was hacked into last week and it was NOT a result of a "phishing" scam. I have never clicked on any phishing scam email, web link, etc. Sorry. I have been in the computer business for over twenty years and am quite aware of all the scams and tricks out there. No. It was a simple case of someone getting into my account via iTunes. It's that simple. No other charges via PayPal were completed. My bank account was not breached. Nothing. Just my iTunes account.

And the funny thing is that it was an old account I had set up last year for my wife who never used it (she got her own account and computer).

But at least Apple and PayPal were very cool about it and refunded the complete $50. But ONLY "Phishing" scams - no. Sorry.

LOL, I have no idea where MacRumors got the idea it was only phishing. :confused:
 

FSUSem1noles

macrumors 68000
Feb 23, 2006
1,622
16
Ft. Lauderdale
not taking any chances, I just changed Paypal as my preferred billing method to my Credit Card.. If I do run into a problem, I'd rather deal with Apple and my Credit Card company than having to go through PayPal.. No thanks...
 

Master Chief

macrumors 6502a
Mar 5, 2009
901
0
I wonder why PayPal didn't catch this:

"His email was filled with nearly 50 receipts from PayPal for $99.99 each. He was able to catch it before his bank disbursed funds to PayPal."

PayPal has no security checks in place?
 

iEvolution

macrumors 65816
Jul 11, 2008
1,432
2
I still can't believe these lame "Phishing" techniques still work. :confused:

x2, apparently some people STILL don't get it that companies don't ask for that information through email.

Apparently these scams still work because they are still doing it. I get so many of these stupid things on a daily basis it is unreal. What is even more pathetic is at least half of them look like they were written by a 5 year-old.
 